Google Compute Engine IIS Webfarm - windows

I'm trying to set up a Win2008R2 IIS webfarm on Google Compute Engine.
I've got the machine set up; however, when I try to add it to a network load balancer pool, the balancer consistently reports the machine as unhealthy - even if I disable health checks. I have a single forward rule set up for port 80.
I've tried different size instances in different regions/zones to no avail. Traffic into the load balancer never makes it to my instance, and the instance is always reported as unhealthy.
For the firewall I went ahead and added a blanket rule so 0.0.0.0/0 can access all local net services (ICMP;TCP:1-65535; UDP:1-65535) and I've disabled windows firewall.
Anyone have any experience getting this working?

Spoke with Google support. "Known issue with windows instances - check back in 6 months." In the meantime, use Linux or set up your own NLB within your project.

Strange that it is not working for you. I replicated your situation and I am getting to the machine with no issues. The load balancer is forwarding traffic as expected and it reaches the system, which is marked as healthy in the LB pool.
You may want to add the following rule to the Windows Firewall with Advanced Security (make sure you use the "Advanced Security" one and not the default):
Inbound rule > New port > port 80
Once this is done, from your machine you can curl or telnet to the address while running a netstat on the Windows system and you should see the LB forwarding rule IP making requests:
$ curl IP (locally)
$ netstat (on the windows machine)
Hope this helps !

Localhost refused to connect on WSL2 when accessed via https://localhost:8000/ but works when using internal WSL IP address

What I'm Trying to Achieve
To access localhost from my local machine during the development of a Symfony web app.
My Environment
WSL2 running on Windows 10
Linux, Apache2, MySQL, PHP-7.4 stack (with Xdebug3 installed)
Debian 10
Symfony 5.4 (although not sure on if relevant to this problem)
Steps I've Taken
Set up WSL2 according to this Microsoft WSL2 tutorial
Set up LAMP stack according to this Digital Ocean tutorial
Set up Symfony according to this Symfony tutorial
Run the following bash script on startup to start my services and set the host to the virtual WSL IP in my xdebug.ini file
#!/bin/sh
REMOTEIP=`cat /etc/resolv.conf | grep nameserver | sed 's/nameserver\s//'`
sed -i -E "s/client_host=[0-9\.]+/client_host=$REMOTEIP/g" /etc/php/7.4/mods-available/xdebug.ini
service php7.4-fpm start
service apache2 start
service mysql start
Run my Symfony project on the development server using symfony serve -d (Symfony then tells me "The Web server is using PHP FPM 7.4.23 https://127.0.0.1:8000")
Go to https://localhost:8000/ in Chrome where the app is running
What I Expect to Happen
My Symfony web app to be running on https://localhost:8000/ when I visit the URL in my Chrome browser
What Actually Happens
I get "This site can't be reached localhost refused to connect." in the Chrome browser
What I've Tried
This used to happen less frequently and I would give my laptop a restart, repeat the process above, and I could connect via https://localhost:8000/. However, it refuses to connect more regularly now (like 8/10 times I start up for the day)
Connecting to https://127.0.0.1:8000 yields the same result.
Connecting to the site using the internal WSL IP address, found using hostname -I and replacing localhost with this IP (still on port 8000). This is an adequate workaround to use my app, however I am unable to interact with my database via MySQL Workbench without having to set up a new connection, therefore a fix where I can use localhost would be very helpful!
(Based off comments) Only ran symfony serve -d without starting apache and PHP services separately - still sometimes allows connections to localhost but sometimes doesn't work.
Conclusion
The behaviour is odd as it works sometimes but other times it doesn't when the exact same steps are carried out. I am unsure where else to look for answers and I can't seem to find anything online with this same problem. Please let me know if any config files, etc would be helpful. Thank you so much for your help! :)

When it's working normally, as you are clearly aware, the "localhost forwarding" feature of WSL2 means that you can access services running inside WSL2 using the "localhost" address of the Windows host.
Sometimes, however, that feature breaks down. This is known to happen when you either:
Hibernate
Have the Windows "Fast Startup" feature enabled (and it is the default). Fast Startup is a pseudo-hibernation which triggers the same problem.
Typically the best solution is to disable Hibernation and Fast Startup. However, if you do need these features, you can reset the WSL localhost feature by:
Exiting any WSL instances
Issuing wsl --shutdown
Restarting your instance
It's my experience that localhost forwarding will work after that. However, if it doesn't, thanks to #lwohlhart in the comments for mentioning that another thing to try is disabling IPv6 on WSL2, since (I believe) there's a possibility that the application is listening on IPv6 while the Windows->WSL2 localhost connection is being attempted on IPv6.
You can disable IPv6 on WSL2 per this GitHub comment by creating or editing .wslconfig in your Windows user profile directory with the following:
[wsl2]
kernelCommandLine=ipv6.disable=1
A wsl --shutdown and restart will be necessary to complete the changes.
If you find that this works, it may be possible to solve the issue by making sure to either use the IPv4 (127.0.0.1) or IPv6 (::1) address specifically in place of localhost on the Windows side, or by configuring the service to listen on both addresses.

Try running the command netstat -nltp. It shows active addresses and ports. Your nginx process should be running at 0.0.0.0:8000. 0.0.0.0 means the nginx process is available from anywhere.
If your nginx process is run on a specific IP address, you should access it by that IP address, e.g. http://192.168.4.2:8000.
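
The two checks suggested in the answers above (reading the bind address from netstat -nltp, and testing 127.0.0.1 and ::1 separately instead of "localhost"), as an added example that is not part of either answer. The netstat sample is constructed, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample of `netstat -nltp` output (not captured from the page).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/apache2
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      640/mysqld
tcp6       0      0 ::1:8000                :::*                    LISTEN      1203/symfony
tcp        0      0 192.168.4.2:5601        0.0.0.0:*               LISTEN      977/node
"""

def classify_bind(addr):
    """Describe who can reach a listener bound to addr."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all interfaces"
    if ip.is_loopback:             # 127.0.0.1 or ::1
        return "loopback only (IPv%d)" % ip.version
    return "only via %s" % ip

def listeners(netstat_text):
    """Map port -> list of (address, reachability) for every LISTEN row."""
    found = {}
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        # rpartition splits on the last colon, so IPv6 addresses stay intact.
        addr, _, port = cols[3].rpartition(":")
        found.setdefault(int(port), []).append((addr, classify_bind(addr)))
    return found

def probe_loopback(port, timeout=1.0):
    """Try the port on 127.0.0.1 and ::1 separately, which 'localhost' hides."""
    result = {}
    for family, addr in ((socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1")):
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                s.connect((addr, port))
            result[addr] = True
        except OSError:            # refused, timed out, or family unavailable
            result[addr] = False
    return result

if __name__ == "__main__":
    for port, binds in sorted(listeners(SAMPLE_NETSTAT).items()):
        print(port, binds)
    print(probe_loopback(8000))
```

A listener that shows up as "loopback only (IPv6)" while the client connects to 127.0.0.1 produces the same "refused to connect" symptom as a broken forwarder, so it is worth ruling out first.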

How to set up Distributed Jmeter on AWS with Windows

I am trying to set up my JMeter master/slave setup on AWS EC2 instances using Windows. Out of the box integration didn't work (connection refused errors) and after some investigation I got to know that RMI communication only works if the machines are on the same subnet (is this true?). I found this great article and I tried to follow it as is on Windows (tried running ssh port forward tunneling via cygwin) but did not have any luck. So I was hoping someone has already done this with Windows and can share their experience.

"Out of the box integration didn't work (connection refused errors) and after some investigation I got to know that RMI communication only works if the machines are on the same subnet (is this true?)"
It is not necessary. Even if the machines are in a different subnet and addressable via the network, RMI should work. Here make sure the Security Groups and NACLs are properly set so that both EC2 instances can communicate with each other via the network.
You can check whether you can ping (for this you need to enable ICMP in your Security Groups and also make sure other needed ports are opened for RMI) from one EC2 instance to another. If the servers can communicate with each other, then you need to troubleshoot the internal firewall configuration in the Windows EC2 instances.

We have used https://testable.io/ AMIs from the marketplace. It takes care of all configuration, and you need to worry only about testing and the results.
https://aws.amazon.com/marketplace/pp/B073JNTVKP
All our endpoints are secured to certain IP-ranges from testable.io. If you have internal, still you need to set up those security settings.
Hope it helps.

vmWare Workstation External Accessibility Issue

I'm running Windows Server 2012 w/ vmWare Workstation. I've built a GitLab VM on Centos 7 that's totally set up and accessible on my local network. It's configured using Bridged Mode so it has its own IP from the DHCP Server.
I use No-IP to connect to my Network externally which has been working great for several years now. I have port forwarding set up within my router to forward traffic for the GitLab webUI to the GitLab VM, but it's not accessible externally. I even tried setting up the port forwarding to direct the traffic to the Windows Server and then set up internal port forwarding w/ netsh on the Windows Server to forward the traffic to the GitLab VM, making sure I opened the port on the Windows Firewall (even tried disabling it), but I still can't get to the GitLab VM externally. AFAIK running a VM w/ a Bridged adapter should essentially be like it is just another physical machine on the network.
Now, I am running IIS on the Windows Server, but when I specify a specific port using my public No-IP Domain, the router should detect the traffic on that port and forward it according to the rules that I have setup, correct? IIS shouldn't be interfering with any traffic on other ports with the external Domain.
I'm totally stumped on this one and searching around the web really hasn't helped much.

So it turns out that I did everything 100% correctly with setting up port forwarding right to the IP of the VM, but my workplace blocks just about every port except for 80 and 443. Tested connectivity from an AWS box and everything is accessible exactly as designed.
Now I just feel like an idiot, but hey, I figured it out.

Kibana web interface not loading

Despite ElasticSearch and Kibana both running on my production server, I'm unable to visit the GUI over the public IP: http://52.4.153.19:5601/
Localhost curls return 200 but console errors on the browser report timeouts after a few images are retrieved.
I've successfully installed, run, and accessed Kibana on my local (Windows 10) and on my staging AWS EC2 Ubuntu 14.04 environment. I'm able to access both over port 5601 on localhost and the staging environment is accessible over the public IP address and all domains addressed accordingly. The reverse proxy also works and all status indicators are green on the dashboard.
I'm running Kibana 4.5, ElasticSearch 2.3.1, Apache 2.4.12
I've used the same exact volume from the working environment to attach to the production instance, so everything is identical on the two volumes, except that the staging environment's apache vhost uses a subdomain while the production environment's servername is the base domain. Both are configured for SSL wildcards. Both are in separate availability zones at Amazon. I've tried altering the server block to use a subdomain on the production server, just to see if the domain was impactful but the error remains.
I also tried running one instance individually, in case EC2 had some kind of networking error with 0.0.0.0 but I'm unable to come to a resolution. All logs and configurations are identical between the two servers for ElasticSearch and Kibana.
I've tried deleting and re-creating the kibana index, tried alternate settings inclusive of the host, elasticsearch url, extending the max ping and timeout, max retries, extended the apache limits, http.cors to allow different origins. I've tried other ports but both servers are indicating that 5601 is listening in the same way.
I also had the same problem on a completely different volume that was previously attached to this instance.
The only difference I can see is that the working version pings fine while the non-working version has a 100% packet loss when pinging the IP, although I can't imagine why that would be, as I'm able to reach the website on 80, just fine. I can also access various other tools running on other ports. I assume there might be some kind of networking conflict. Any ideas?

Maybe port 5601 is blocked by a firewall.
Allow incoming connections to port 5601 by:
sudo iptables -I INPUT -p tcp --dport 5601 -j ACCEPT
For security:
Modify the above command to accept connections only from a specific address (see man iptables),
or use the Shield plugin for Elasticsearch.

Sorry, forgot to update this question. The answer turned out being that I simply needed to deploy a new instance. Simply by creating a clone of the instance, I was able to resolve the issue. I've had networking problems at AWS, before, with their internal dns/ip conflicts, so I've had to do so, in the past and this turned out to be the quickest and cleanest solution, albeit not providing any definitive insight into the cause.

wamp server only running local

I've been searching around the internet and I cannot find the answer to why wampserver is only running on localhost. I have pressed Put Online and I still do not know why it is only running offline. Not sure if it is my wampserver setup or my router blocking me, so any help would be great.

To access your server from the internet you need to do a number of things not specifically related to WAMPServer.
First you need to port forward your router. This allows unsolicited traffic on port 80 through the NAT router's firewall protection into your network, where normally for security reasons it is not allowed in. This opens the port and makes sure that all traffic on port 80 of your router is directed to the PC running WAMPServer, i.e. Apache. So you will need to make sure that the PC running Apache has a STATIC IP address and is not being allocated an IP by the router's DHCP server.
This site can be very helpful with learning how to do that
Once that is done you may also need to configure your software firewall running on the PC that has Apache on it to allow traffic on port 80 into the PC. Although you may have allowed this already when you first ran Wampserver after it was installed.
When you use the WAMPManager's Put Online and Put Offline, that changes the Apache config (httpd.conf) and should change
# onlineoffline tag - don't remove
Require local
which tells apache to only allow connections from the PC running Apache
To
# onlineoffline tag - don't remove
Require all granted
which tells Apache that it is allowed to action connections from any ip address in the world

1) Check your firewall settings: port 80 enabled
2) Check antivirus blocking
3) c:\wamp\bin\apache\Apache2.2.11\conf\httpd.conf
Order Deny,Allow
Deny from none
Allow from all
